Addressing shim review comments re: patch file format
Creating patch files using git format-patch

The patch files that we use to pull in upstream shim changes are not
well formatted, and their origin cannot be easily determined without
additional context.  This new set of patch files has been generated
using git format-patch, ensuring that upstream origin is clearly
identifiable for each.

The Dockerfile is updated to utilize the new patch file names.  The
patches that get applied have not changed, so binaries produced by a
build with them applied should have hashes that match the v9 tag.

TEST=make build-no-cache & make copy

Verify that the sha256 hash for shimia32.efi is

Verify that the sha256 hash for shimx64.efi is

Change-Id: I9d2c408db7c144e8227fe153cfdc0474084070b4
8 files changed
tree: 40bbe9fa5f7f6f33c42b30c43ab5c7483321b5b3
  1. .gitignore
  2. 0001-Don-t-call-QueryVariableInfo-on-EFI-1.10-machines.patch
  3. 0002-Fix-handling-of-ignore_db-and-user_insecure_mode.patch
  4. 0003-Fix-a-broken-file-header-on-ia32.patch
  5. 0004-mok-allocate-MOK-config-table-as-BootServicesData.patch
  6. Dockerfile
  7. Makefile
  8. neverware.cer
  11. sbat.csv


Build shim in a Docker container.

Makefile targets

Build shim in a Docker container:

make build

Build with the cache turned off to get the full build log:

make build-no-cache

Copy the shim builds from the container to the host:

make copy

View details of the public certificate:

make cert-info

View SBAT section of the shim binaries:

make dump-sbat